The introduction of devices such as ATM and Point of Sale (POS) electronic devices used in electronic financial transactions requires the users of these devices to physically have possession of their credit/debit cards and to enter identifiable information, most commonly a Personal Identification Number (PIN) or a numeric account address code, such as a zip code, in order to use the electronic device to initiate and complete an electronic financial based transaction. These electronic devices may use a system of physical card swipes of a magnetic strip or embedded chip in the card or may communicate with the card via Near Field Communications (NFC)
With regard to an ATM electronic device, it is connected, via a network, to a collection of massive interbank networks. The two largest interbank networks are Cirrus and Pulse, although there are many others. An ATM electronic device can only provide access to bank accounts that are enrolled in the interbank networks it has access to; these are usually listed on the side of the machine. These interbank networks use phone lines, internet access and central computers to distribute information among one another and facilitate financial transactions.
When the user inserts their debit or credit card into the ATM electronic device, it reads the information encoded on the magnetic strip on the back of the card or in a chip (chip & PIN technology EMV) embedded within the users card. That magnetic strip or the embedded chip may be encoded with a number of key identifiers such as the user's unique card number, and expiration date. The ATM electronic device then asks the user to enter their PIN on the physical keyboard integrated into, or attached to, the ATM electronic device in order to verify the authorization to access account funds and information. When they have verified the PIN, the ATM electronic device communicates with the user's bank to access their account information. The ATM electronic device can then be used to perform a number of electronic financial transactions including display of the users account balance or to distribute cash via the ATM electronic device to the user thus reducing the amount available in the users account. Per a report authored by Trends Today, there are 2,200,000 ATM electronic devices in use world-wide as of 2012.
Point of Sale electronic devices involve hardware and software used primarily by retailers to accept payment transactions from their customers. Retailers are the most common end users of POS systems. When a customer swipes their debit or credit card through the POS terminal, the transaction begins with the card reader extracting the Bank Identification Number (BIN) from the cards magnetic tape strip or from its embedded chip. The BIN identifies the type of card, debit or credit, as well as the issuing organization (VISA, MasterCard, American Express, etc.). The POS system then, based on the BIN, determines the network that should be accessed, the communications link for that network, and other operational parameters required to complete the transaction as quickly and securely as possible. These parameters include the data transfer rate, the line protocol, either synchronous or asynchronous, and the type of encryption and the encryption key to use. Like the ATM electronic Device, the POS electronic device then asks the user to enter their PIN or numeric account address code, such as a zip code, on the physical keyboard integrated into, or attached to, the POS electronic device in order to verify the authorization to access account funds and information. When the code entered has been verified, the POS electronic device communicates with the user's bank to access their account information. The POS electronic device can then be used to perform a number of electronic financial transactions including display of the users account balance or to distribute cash via the ATM electronic device to the user, thus reducing the amount available in the users account. Per a report by GAO Research, there are over 10,000,000 POS electronic devices in use in the USA alone and that over 28 billion transactions are conducted on these electronic devices each year.
As indicated above, the scope of penetration of ATM & POS electronic devices is huge and growing. Users today depend on this technology in their everyday life. But this dependence does not come without risk. Identity theft has become rampant today and losses are measured in the billions of dollars world-wide. It is also a very frustrating experience for users who have been compromised. Thus, new security measures, which reduce the possibility of their personal data being compromised, are highly attractive to these users. It is this user security which is being addressed in this disclosure. There is a common denominator present for all of the electronic financial transactions described above and that is the requirement that the card user input an identification number that confirms their authorization to use that account. If that identification number is compromised, an important element of the user's security umbrella has disappeared. This holds true regardless of the type of card used—debit or credit card. Or the card technology that provides the users information—magnetic strip or chip. Or the platform used for the electronic financial transaction—ATM/POS. Or the system and method used of presenting the personal data to the electronic device—card swipe or NFC (Near Field Communications). In all of these cases, the user is asked to enter a personal identifier that is often as simple as 4 numeric digits of a PIN or 5 numeric digits of a zip code.
This disclosure defines a system and method that increases the pool of characters available for inclusion in the personal identifier as well as increasing the physical security of the entry process on the keypad of the electronic device.